Title: Techniques for detecting a security vulnerability
Abstract: Techniques for detecting security vulnerabilities are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting security vulnerabilities including assigning a reputation to an application, distributing the reputation to a client, receiving monitored system behavior from the client related to the client executing the application, determining whether to change the reputation of the application based on the monitored system behavior, distributing the changed reputation to the client, receiving further monitored system behavior from the client, and determining whether to generate a rule for the application based on the monitored system behavior received from the client.
Publication number: US9639693(B2) Publication date: 2017.05.02
Application number: US201313931426 Filing date: 2013.06.28
Applicant: Symantec Corporation Inventors: Rivera Shireen; Ashley Peter
Classification: G06F21/51; G06F21/56; G06F21/57 Main classification: G06F21/51
Agency: Wilmer Cutler Pickering Hale and Dorr LLP Agent: Wilmer Cutler Pickering Hale and Dorr LLP
Independent claim: 1. A method for detecting a security vulnerability comprising: determining, at a backend system, an initial reputation of a new application, wherein the new application is a new version of a first application that was previously installed on a plurality of clients, and wherein the initial reputation is based on a reputation of the previous version of the first application, an analysis of a developer of the new version of the first application, and behavior of the new version of the first application during installation on a plurality of clients, wherein the behavior of the new version of the first application during installation on the plurality of clients is analyzed using heuristics; distributing the initial reputation from the backend system to the plurality of clients via a network; receiving, at the backend system, monitored system behavior from one of the plurality of clients related to the one of the plurality of clients executing the new application, wherein the monitored system behavior includes detailed information regarding the system behavior of the one of the plurality of clients, applications being executed on the one of the plurality of clients, the new application being executed on the one of the plurality of clients, and an indication of whether the new application is exhibiting malicious behavior, and wherein the one of the plurality of clients executes the new application based on a security enforcement for the new application determined in accordance with the initial reputation of the new application and a behavior of the new application subsequent to installation; determining, at the backend system, whether to change the initial reputation of the new application based on the monitored system behavior; distributing a changed initial reputation to the plurality of clients based on the determination; receiving further monitored system behavior based on the changed initial reputation from the one of the plurality of clients; and determining an action to be performed based on the further monitored system behavior received from the one of the plurality of clients, wherein the action to be performed comprises changing a reputation of a second application different from the first application and the new application.
Address: Mountain View CA US